The kubernetes repository contains some internal golang modules that are
not part of the golang global workspace. Because apidiff is currently
run from the root of the repository, it does not work against this
internal modules.
Instead of executing apidiff from the root we can just cd into the
passed path of the module to avoid this limitation.
The intent is to check the real-world impact of an API change by
compiling controller-runtime with staging repos replaced by the
modified ones.
Such build checks must be requested explicitly with the new -b flag.
In a Prow job, the current work tree is the result of merging a PR into the
target. We want apidiff.sh from there, but then need to invoke it for two
specific revisions and compare.
While at it, output and usability get enhanced. The directory parameter(s) may
be absolute paths or lack the leading . that is required by apidiff.
The script failed in the Prow job with:
fatal: Not a valid object name origin/master
That came from "git merge-base origin/master HEAD", which isn't needed because
the Prow job intentionally sets -r explicitly.
Now the fallback is only tried if needed. While at it, the informational
messages get enhanced.
Pinning apidiff to a specific version shouldn't be necessary because, if past
experience in klog holds true, the latest version just works. This way we don't
have to remember to bump up the revision.
The downside of using "latest" is that a compromise of that version would give
an attacker the ability to run code in the CI and on developer machines.
apidiff can be invoked for a single internal package or iterate over
everything, including staging. The base to compare against can be specified via
-r (similar to verify-golangci-lint.sh), with the default the base revision on
master (similar to -a in verify-golangci-lint.sh).
